i know this solution is anything but not secure. but the main point iin
doing this is a juristic question. if someone is able to put a war file
into the tomcat installed to your computer he can do probably anything
he wants to your computer. but if he is able to do so, this security
break is not the concern of me anymore, but the user's of this machine.


Gregor Schneider wrote:

> Hi Stephan,
>
> well, that's awkward.
>
> Even if you are able to disable automatic deployment, anybody knowing
> his ways around Tomcat will be able to change the settings again thus
> make Tomcat load the other apps :(
>
> my idea would be to write a valve checking which apps are installed:
> If any other then your delivered apps are installed, Tomcat is
> forwarding the request to a customized error-page.
>
> however, even this solution will not prevent anybody from tampering.
>
> HTH
>
> Greg



---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)